Web Application Scan

Scan Features

• Is it possible to scan to IP adress different from orijinal log?
• When a session is expired or logout from Vex while scanning, Does Vex scanning continue?
• Is Vex capable of dynamically creating SSL certificates?
• Is there a way to check the domain whose communication has been blocked by Vex?
• Is it possible to use Vex via an local proxy?
• Is it possible to scan requests in JSON format? Is there anything to note?

See all 16 articles

Auto Crawler

• Is it possible to crawl websites using Basic authentication, Digest authentication, NTLM authentication, or client authentication
• What should be put in the "Unauthorized URL for crawling"?
• "The form does not exist" is displayed even if specifying the correct path in the "Log-in settings".
• Is there a way to hide javascript or style sheet logs on the view?
• What is a method of crawling with less affecting to the contents of the website?
• Is it possible to crawl websites crossing multiple domains?

See all 8 articles

Page Transition Diagram

• What is the upper limit number of nodes that can be displayed in the page transition diagram? Also, is it possible to raise the upper limit?
• How to fix the page transition diagram that is registered in unintended order.
• Can the page transition diagram be created even if the scanning target website was a single page application?

Handler

• What kind of scanning is "Auto setting" of "Extend Processor"?
• Setting method in case a parameter name changes dynamically.
• Is there a way to change the parameter value recorded to an arbitrary fixed value when scanning?

Scan Scenario

• Is it possible to scan the application if the user account will be lockout after the number of failed login attempts?
• How should scanning setup be done for websites where double login is prevented?

Payloads

• 【Important】Arrange the risk revel and vulnerability categories
• How to obtain a signature list
• Is there a function to create a new signature?
• What is the difference in the signatures shown in gray font and blue font on the Web "Plan" page?
• Signatures that cause high server load.
• What is the detection conditions of Error Code?

See all 9 articles

Scan Failure

• Is there a function to know whether the scanning has completed normally?
• What does the "Matched rate" in the test access result represent?

Scan Result

• A vulnerability of the product unused on the scanning site has been detected, is it false positive?
• How do I check the scanning results of all payloads of signatures that send multiple payloads?
• Correspondence between the vulnerability risk level and CVSS basic value
• What is the "Parent scanning result ID" displayed in the "Scanning information"?